Multi-License Discount Quote

Change Region

English
Threat Database Adware NSIS:Bundlore-B

NSIS:Bundlore-B

By Domesticus in Adware

Threat Scorecard

Popularity Rank: 15,202
Threat Level: 10 % (Normal)
Infected Computers: 811
First Seen: September 21, 2012
Last Seen: February 1, 2026
OS(es) Affected: Windows

NSIS:Bundlore-B is an adware application containing downloader functionalities that occurs in the form of NSIS installer. NSIS:Bundlore-B can install other malware infections from a distant server on the compromised PC. NSIS:Bundlore-B uses the NSIS installer tools for dropping and running other malevolent files. Mainly, NSIS:Bundlore-B is used to distribute toolbars. unwanted applications and browser redirect viruses. NSIS:Bundlore-B is also recognized as a media malware threat because it integrates into multimedia files. NSIS:Bundlore-B is bundled with multi-media players that may be download by Internet users from the website that provides free movies or video. The doubtful website fools web users by encouraging them to install the player for viewing the video for free. If the free application is loaded, NSIS:Bundlore-B will be installed on the PC which may lead to the computer system's damage.

Aliases

6 security vendors flagged this file as malicious.

Antivirus Vendor Detection
GData NSIS:Bundlore-B
AntiVir TR/Ezula.AX.4
Avast NSIS:Bundlore-B [Adw]
Symantec Trojan.ADH.2
NOD32 Win32/Adware.Bundlore
McAfee GenericTRA-AG!4349BA3F4DD6

SpyHunter Detects & Remove NSIS:Bundlore-B

File System Details

NSIS:Bundlore-B may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. VLC Setup.exe 4349ba3f4dd6e2f5db4a53662d9d79f0 5

Analysis Report

General information

Family Name: PUP.Bundlore
Signature status: Modified signature

Known Samples

MD5: cab3777973bd4722e1e61bee5d47b4b9
SHA1: 63608aeb8bcf0490f68ddc80eac740a072a110a8
File Size: 291.66 KB, 291656 bytes
MD5: 19e0727c9ce27baea062f26774a88807
SHA1: 28c9d8f2da72c53e26b79f7d115ac727a9bda57e
SHA256: B39A0EA6F8B13D814CA5BA39C11543A0DF014FA0E4456C2A53A01C2F539231D2
File Size: 271.73 KB, 271728 bytes
MD5: c37b491189283951f6821496d09e9529
SHA1: 909eeba375cdd5df5601897c8f8d48e340ad3299
SHA256: 8259686ED387CF8E5386560DC31CD9EEFF509F3313DF36E20D253B97C4C2F762
File Size: 138.61 KB, 138608 bytes
MD5: 86a1484155513d68f1c86a00d7a76174
SHA1: 8a6cc669f1381f3d75d41bdd830c98d88d25dc2d
SHA256: 3200236864F5EBE277D2C1EE0E5ED89C264479765FCF30659181512498AD5FDF
File Size: 504.51 KB, 504510 bytes
MD5: 40f2a544296a64704c21ec505b537282
SHA1: c64b58b7b557b1a4d81550622dfc89d41518debd
SHA256: 5F978E3A354EB61AFC60D5E58B39D7DAB70A3586A2E8245E1A32CDCF95151220
File Size: 349.94 KB, 349944 bytes
Show More
MD5: 74d18230f688dc80d3f85d48daaa21dc
SHA1: c6d265d7114684d44184c1ad68c11c36fc0d86d1
SHA256: 9FAC3B0217DEB964200FEC5A487166E2C73AF6D15F4A3808CD403E9008CB06E4
File Size: 138.61 KB, 138608 bytes
MD5: 408e8e55e4d613f41982a37b4c38a708
SHA1: 044b3abba0c715699d37b8749963dbb405229620
SHA256: 7C30951BD6E52674C7FDDC4F31C5C41743E3D9D15B1546C53908B0C7DF90F905
File Size: 1.28 MB, 1277488 bytes
MD5: 4f6f9065ca27f60d1be27b8dfd6cc930
SHA1: 88227de9c2ca848e18f65be35c74c89818808e58
SHA256: 2B222E8F2196A00D433E895A78C07349E590AFF6E8573E0F89A1C42557397FD5
File Size: 196.45 KB, 196448 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments
  • This installation was built with Inno Setup.
  • VLC Plus setup
Company Name vlcplayerdownload.com
File Description
  • Any Media Converter Setup
  • VLC Plus setup
File Version
  • 1.14
  • 1.0.4.1
  • 1.0.2.0
Legal Copyright
  • Copyright © Search Setup (Converter_g63)
  • © vlcplayerdownload.com (VLC_A08_AUTO-Conv_zugo_babl_swim_cond_incr_mood-)
Product Name
  • Any Media Converter
  • VLC Player
Product Version
  • 2.0
  • 1.0.4.1
  • 1.0.2.0

Digital Signatures

Signer Root Status
Bundlore LTD UTN-USERFirst-Object Root Not Trusted

Block Information

Total Blocks: 435
Potentially Malicious Blocks: 3
Whitelisted Blocks: 421
Unknown Blocks: 11

Visual Map

? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? 0 0 0 0 0 x 0 0 0 x 0 0 x 0 2 0 0 0 0 1 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 2 3 0 0 1 0 0 0 0 0 0 0 0 0 1 0 1 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 1 0 1 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 2 2 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 3 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.M
  • Agent.MH
  • Agent.MI
  • Agent.MU
  • Autorun.LA
Show More
  • FakeAV.AU

Files Modified

File Attributes
c:\13c3bcaf-c727-4e5f-923b-b72c24354742\installerhelper.dll Generic Write,Read Attributes
c:\13c3bcaf-c727-4e5f-923b-b72c24354742\loader.gif Generic Write,Read Attributes
c:\13c3bcaf-c727-4e5f-923b-b72c24354742\start.hta Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\internet explorer\msimgsiz.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\5992f147-b7e9-4e77-a18f-47ea0095c7e3\909eeba375cdd5df5601897c8f8d48e340ad3299_0000138608 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\5992f147-b7e9-4e77-a18f-47ea0095c7e3\config.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\5992f147-b7e9-4e77-a18f-47ea0095c7e3\config.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bc41cb93-1c67-478d-8de2-0218ca35a28e\88227de9c2ca848e18f65be35c74c89818808e58_0000196448 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bc41cb93-1c67-478d-8de2-0218ca35a28e\config.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\bc41cb93-1c67-478d-8de2-0218ca35a28e\config.ini Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\fed580d9-3437-435f-ae2e-83d9a6cce105\c6d265d7114684d44184c1ad68c11c36fc0d86d1_0000138608 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fed580d9-3437-435f-ae2e-83d9a6cce105\config.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\fed580d9-3437-435f-ae2e-83d9a6cce105\config.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-60j7t.tmp\044b3abba0c715699d37b8749963dbb405229620_0001277488.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-ori2a.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-ori2a.tmp\_isetup\_shfoldr.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-ori2a.tmp\itdownload.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-ori2a.tmp\tracking.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
Show More
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\gpu::adapterinfo vendorId="0x1414",deviceID="0x8c",subSysID="0x0",revision="0x0",version="10.0.19041.3570"hypervisor="Hypervisor detected (Micros RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 Ⅳȁ৳龡^h紘Çt獖}j⦘·j좟Ê RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetQueryOption
  • InternetReadFile
User Data Access
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

(NULL) mshta.exe c:\13c3bcaf-c727-4e5f-923b-b72c24354742\start.hta
C:\Users\Lelspmap\AppData\Local\Temp\\5992f147-b7e9-4e77-a18f-47ea0095c7e3\909eeba375cdd5df5601897c8f8d48e340ad3299_0000138608
C:\Users\Lrhaxfch\AppData\Local\Temp\\fed580d9-3437-435f-ae2e-83d9a6cce105\c6d265d7114684d44184c1ad68c11c36fc0d86d1_0000138608
"C:\Users\Jsiiekpg\AppData\Local\Temp\is-60J7T.tmp\044b3abba0c715699d37b8749963dbb405229620_0001277488.tmp" /SL5="$D02BA,869012,90112,c:\users\user\downloads\044b3abba0c715699d37b8749963dbb405229620_0001277488"
C:\Users\Vgbyxnza\AppData\Local\Temp\\bc41cb93-1c67-478d-8de2-0218ca35a28e\88227de9c2ca848e18f65be35c74c89818808e58_0000196448

Trending

Most Viewed

Loading...